Enterprises are adopting AI faster than they can control it. I help you do both — building the inventories, risk frameworks, controls, and audit trails that turn responsible-AI principles into governance that actually runs, on the ServiceNow platform you already trust.
Agents, models, and embedded AI now sprawl across clouds, SaaS tools, and business units — frequently invisible to the very teams accountable for risk. You can't govern what you can't see.
At the same time, the regulatory floor is rising. The EU AI Act is in force, and frameworks like the NIST AI Risk Management Framework and ISO/IEC 42001 are fast becoming the baseline that boards, buyers, and auditors expect.
Most organizations have policies. Few have controls that run — an inventory of every AI system, risk classified by use, owners assigned, monitoring live, and evidence ready. That's the work.
Find and catalog every model, agent, and AI-enabled system across the enterprise — including shadow AI — and bring it into a single governed register, built on CMDB/CSDM discipline.
Translate NIST AI RMF, the EU AI Act, and ISO 42001 into your context — risk-classify AI by use case and map each obligation to a concrete, ownable control.
Stand up the controls, workflows, and continuous monitoring that keep AI inside the lines — operationalized on ServiceNow IRM and AI governance tooling.
Bring SPM-grade rigor to AI investment — intake, prioritization, and lifecycle oversight so AI initiatives are funded, tracked, and accountable, not scattered.
Turn responsible-AI policy and executive intent into the procedures, roles, and evidence that make governance real on the ground — and survive an audit.
Assemble the documentation, lineage, and reporting that prove control to regulators, customers, and the board — with dashboards leadership will actually use.
AI governance is a new field crowded with two kinds of advisor: ethicists who can't implement, and platform engineers who don't understand governance. The hard part — and the rare one — is operationalizing principles into controls that run.
That's been my work for two decades. CMDB and asset management are the discipline of knowing what you own and proving you control it. Integrated risk is mapping obligation to control. SPM is portfolio governance. I've delivered all three for enterprises that can't afford to get governance wrong — now applied to AI.
Inventory the AI estate, surface shadow AI, and benchmark current governance against the frameworks that apply to you.
Risk-classify by use case and map each obligation to a concrete control, owner, and evidence requirement.
Build the controls, workflows, monitoring, and reporting — configured and validated on ServiceNow.
Hand over a running program your teams can own, extend, and defend — with the documentation to prove it.
Whether you're standing up an AI governance program from zero or operationalizing one that's stuck on paper, let's scope what good looks like for your organization.